aboutsummaryrefslogtreecommitdiffstats
path: root/lib/Fripost
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2018-09-02 05:48:19 +0200
committerGuilhem Moulin <guilhem@fripost.org>2018-09-02 05:48:19 +0200
commitc721370bc2c7ee369b292ba768cb20a9864a805c (patch)
treea5bed3619b5a11661c53d1c55f203b8f1cb308bf /lib/Fripost
parentc3af385908866291109afb8cf8779da555a9922a (diff)
Fripost::Session: OO interface.
Diffstat (limited to 'lib/Fripost')
-rw-r--r--lib/Fripost/Session.pm24
1 files changed, 12 insertions, 12 deletions
diff --git a/lib/Fripost/Session.pm b/lib/Fripost/Session.pm
index 888385f..8cf6405 100644
--- a/lib/Fripost/Session.pm
+++ b/lib/Fripost/Session.pm
@@ -31,10 +31,10 @@ use Crypt::URandom "urandom";
use Fripost ();
-# create(Fripost object)
+# new(Fripost object)
# Create a new ephemeral session from a Fripost object, and return
# suitable credentials for later SASL proxy authorization.
-sub create($$) {
+sub new($$) {
my ($class, $fp) = @_;
# don't base64-encode but hex-encode as the commonName is case-insensitive
@@ -68,23 +68,23 @@ sub create($$) {
bless \%creds, $class;
}
-# authenticate(CREDENTIALS, OPTION => VALUE, ..)
+# authenticate(OPTION => VALUE, ..)
# Create a new Fripost object and return it after authentication
# (using SASL proxy authorization with the ephemeral credentials).
# If the "refresh" is set (the default), then TTL value of the entry
# on the backup is refreshed.
sub authenticate($%) {
- my $creds = shift;
+ my $self = shift;
my %conf = @_;
my $refresh = delete $conf{refresh} // 1;
my $authcid = sprintf($conf{ldap}->{"session-authcID"} // "%s",
- $creds->{authcid});
+ $self->{authcid});
my $sasl = Authen::SASL::->new( mechanism => "PLAIN", callback => {
user => $authcid
- , pass => $creds->{password}
- , authname => $creds->{authzid}
+ , pass => $self->{password}
+ , authname => $self->{authzid}
}) or die "Creation of Authen::SASL object failed";
my $fp = Fripost::->new(%conf);
@@ -94,7 +94,7 @@ sub authenticate($%) {
if ($refresh) {
my $dn = sprintf($conf{ldap}->{"session-authcDN"} // "%s",
- escape_dn_value($creds->{authcid}));
+ escape_dn_value($self->{authcid}));
my $ttl = $conf{www}->{"cache-expires"};
$r = $fp->{_ldap}->refresh(entryName => $dn, requestTtl => $ttl);
$fp->croak("LDAP error code %i: %s\n", $r->code, $r->error)
@@ -103,17 +103,17 @@ sub authenticate($%) {
return $fp;
}
-# authenticate(CREDENTIALS, OPTION => VALUE, ..)
+# authenticate(OPTION => VALUE, ..)
# Create a new Fripost object, authenticate (using SASL proxy
# authorization), and delete the entry on the LDAP backend.
sub destroy($%) {
- my $creds = shift;
+ my $self = shift;
my %conf = @_;
my $dn = sprintf($conf{ldap}->{"session-authcDN"} // "%s",
- escape_dn_value($creds->{authcid}));
+ escape_dn_value($self->{authcid}));
- my $fp = authenticate($creds, %conf, refresh => 0);
+ my $fp = authenticate($self, %conf, refresh => 0);
my $r = $fp->{_ldap}->delete($dn);
$fp->croak("LDAP error code %i: %s\n", $r->code, $r->error)
unless $r->code == LDAP_SUCCESS;